CVE-2020-25704

Published: Dic 02, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-18359 Aliases: GSD-2020-25704
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM 4,9
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: complete

Description

AI Translation Available

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0006
Percentile
0,2th
Updated

EPSS Score Trend (Last 91 Days)

401

Missing Release of Memory after Effective Lifetime

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Instability Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Reduce Performance
Applicable Platforms
Languages: C, C++, Not Language-Specific
Likelihood of Exploit: Medium
View CWE Details
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version 5.10
cpe:2.3:o:linux:linux_kernel:5.10:rc2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Starwind Virtual San by Starwindsoftware

Product Information
Vendor Starwindsoftware
Product Starwind Virtual San
Version v8
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14398:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Starwind San \& Nas by Starwindsoftware

Product Information
Vendor Starwindsoftware
Product Starwind San \& Nas
Version v8r12
cpe:2.3:a:starwindsoftware:starwind_san_\&_nas:v8r12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Starwind Hyperconverged Appliance by Starwindsoftware

Product Information
Vendor Starwindsoftware
Product Starwind Hyperconverged Appliance
Version -
cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Command Center by Starwindsoftware

Product Information
Vendor Starwindsoftware
Product Command Center
Version -
cpe:2.3:a:starwindsoftware:command_center:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version 5.10
cpe:2.3:o:linux:linux_kernel:5.10:rc1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
To 5.9 (inclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://bugzilla.redhat.com/show_bug.cgi?id=1895961
Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1895961
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/li…
Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7…
https://lists.debian.org/debian-lts-announce/2020/12/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
https://lists.debian.org/debian-lts-announce/2020/12/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
https://www.openwall.com/lists/oss-security/2020/11/09/1
Mailing List
https://www.openwall.com/lists/oss-security/2020/11/09/1
https://www.starwindsoftware.com/security/sw-20220802-0003/
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220802-0003/
https://bugzilla.redhat.com/show_bug.cgi?id=1895961
Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1895961
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/li…
Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7…
https://lists.debian.org/debian-lts-announce/2020/12/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html
https://lists.debian.org/debian-lts-announce/2020/12/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html
https://www.openwall.com/lists/oss-security/2020/11/09/1
Mailing List
https://www.openwall.com/lists/oss-security/2020/11/09/1
https://www.starwindsoftware.com/security/sw-20220802-0003/
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220802-0003/